While the increasing pervasiveness of digital technology has made our jobs, and our lives, easier, it brings with it the risk of security breaches. For lawyers, this adds an extra challenge when it comes to protecting our clients. Part of building client trust is being able to ensure that their data is protected. At one time, the risk of data theft was mostly a concern for large corporations. But today, no entity – big or small – is exempt from this threat. Everyone has some form of desirable data that, if obtained, can be damaging in one way or another.
Ensuring your clients’ data is secure should be a top priority for law firms of any size. Being aware of the threats your firm may face is the first step in taking the appropriate actions. Threats can come from anywhere: foreign hackers from state-supported nations, domestic hackers who attack computer programs in order to steal sensitive information, ex-employees with protected information, and even corporate espionage – competitors looking to steal information or even scanning for case information, employee data, and privileged client data.
Always have a plan to protect your clients’ data. Any changes to security protocols should be followed immediately by training and employee updates as to how these security changes may affect the way they upload and access information. Making sure that each attorney understands these changes and knows how to work within these new protocols is essential for avoiding delays in case development. Training should include:
- Potential threats
- Changes or updates to security policies and protocols
- Understanding how these changes affect employees
- How to work within the confines of these changes
- All electronic forms of communication
- Incident reporting protocols
- Proper internet access methods
- Mobile device security
- New password policies
- Any changes involving remote access to computers
- Social media use and management
- The firm’s Acceptable Use Policy
- Visitor policies and protocols
- Wireless access management security
Reviewing the security certifications and policies of the company that hosts your cloud storage is another vital component of ensuring client data is protected – and monitoring the system is just as important. Use only the highest quality antivirus, intrusion, antispam, and malware detection programs. Regular firewall monitoring will also keep you updated and give you an idea of how often your systems are under attack. You can also use two-factor authentication to kick-start your security practices. This type of authentication requires two separate methods of identification, such as a token and a password, in order to access data.
If you’re willing to invest even more money, you could hire a third-party security analysis company to test the security of your firm. They will let you know how difficult it is to access information, and how high the risk is of outside forces being able to access your clients’ data. A penetration test (pen test) should be executed by professionals and with care to ensure a zero damage rate to systems.
Jeff Hughes, J.D.